CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA Security+ SY0-701 Practice Question

A security administrator is reviewing the system logs of a recently compromised server. They notice several log entries with failed login attempts followed by a single successful login attempt from an unfamiliar remote IP address. After the successful login, there are commands executed that elevate the privileges of the newly logged-in user. Which of the following actions should the security administrator prioritize to mitigate the immediate threat?

  • Change the passwords for all user accounts.

  • Conduct an immediate forensic analysis on the server.

  • Review and update firewall settings to restrict remote access.

  • Disable the compromised user account.

This question's topic:
CompTIA Security+ SY0-701 / 
Security Operations
Your Score:
Security Operations
General Security Concepts
Threats, Vulnerabilities, and Mitigations
Security Architecture
Security Program Management and Oversight